In this section, we describe a family of key agreement protocols initially employed only in MANETs and the way that can be implemented in a MANET/mesh internetworking system.
In the approach described in Section 5, the only way to obtain a common session key when one or more nodes depart from the established MANET is to start over the algorithm from the very first step. Furthermore, there are no intermediate session keys stored between nodes that are still part of the network, which could be proven to be useful for node-to-node communication, when global session key is no longer valid due to network reform. Such approaches tend to be sufficient in relatively stable networks, where their topology does not change frequently. However, when network topology dynamicity increases, creating new global session keys very often is not the optimum solution.
The following algorithms propose efficient means for creation and use of intermediary session keys at the same time with the creation of the global network key, which can be used both for subgroup communications and as intermediate step for key refreshment of the global session key, without the obligation to restart the group key agreement.
6.1. The Body-Centered Cubic (BCC) Algorithm
The body-centered cubic algorithm [16] is a cryptographic key agreement algorithm that initiates from a tree-arrangement of 3-d cubes; it is based on the aggressive 3-d cube algorithm and employs the body-centered cubic (BCC) structure for the dynamic case. For simplicity purposes, in the rest of the paper, each bond in 2-d or 3-d space corresponds to a two-party password-based elliptic curve Diffie-Helman key exchange, as described in Section 5.2.3.
6.1.1. Initial Node Arrangement
The proposed system is based on the 3-d aggressive d-cube algorithm [17]. The initial key agreement procedure depends on the number of ad hoc nodes that wish to establish a MANET. We denote the number of nodes as n. In contrast to [17], in the proposed system, there is no need for d-dimension hyperspaces. The maximum order is the 3-d space. Nodes of the network are always arranged in the 3-d space, except the case that
where we can use the 2-d plane. Therefore, when we have a large number of nodes, they must be divided and arranged in 3-d cubes that each contains eight nodes. Each cube selects a leading node that will act as an intermediary between the corresponding cube nodes and the rest of the ad hoc network. The leading nodes constitute a new group; however, they follow the same rules for initial arrangement, that is, they are arranged in a new 3-d cube. In the case where the number of leading nodes is greater than eight (i.e., the number of all ad hoc nodes is greater than 64), they also need to elect leading nodes in their group that will act as their representatives to the ad hoc network. In such a case, the leading nodes elect higher level leaders in a tree model according to [18]. We consider the latter case as an extreme case since from a practical point of view typical ad hoc networks do not exceed 64 nodes. Figure 6 shows an initial arrangement of a 32-node network. Nodes are arranged in four independent cubes and each cube elects a leader (dashed annotation). Node arrangement and addressing can be performed in any way, as far as every simple-cube node has wireless connection with the rest of the seven nodes of the corresponding cube. This requirement must be also fulfilled by the leading nodes among themselves; therefore, it is an important criterion for the selection of a leading node within a simple cube.
6.1.2. Initial (Static) Key Agreement
Next, after the initial 3-d arrangement, BCC creates a common network key. In the proposed system this is done in two steps.
During the first step, the leading nodes perform a 3-d aggressive cube algorithm and they create a global session key. In the second step, every group performs a 3-d aggressive
-cube and establishes a simple-cube session key. During the simple-cube key generation, the leading nodes transmit the global session key that they have already established in step 1 to the remaining seven nodes of the group. After the second step, every node has a contributory simple-cube session key
for the cube that is part of, and the global session key of the entire network
.
In the first step, nodes
of cube
,
of cube
,
of cube
, and
of cube
are elected as leading nodes of the corresponding cubes. Since they are four, they perform a 2-d aggressive algorithm, and they establish a global session key
. If there are than four and equal or less than eight 3-d cubes, their leaders should perform a 3-d aggressive cube algorithm. In this case, the leading nodes can use the first two digits of their addressees as a 2-d address for the 2-d aggressive algorithm, that is,
,
, (10), and
. If other nodes are elected as cube leaders due to communication constraints, they should be addressed in a separate way than the one employed in their 3-d cube (second addressing is required).
Once the global session key of a group
is established the cubes perform a 3-d aggressive
-cube, and they establish the simple-cube session key
. The final step is that each cube leader broadcasts the global key encrypted with the simple-cube key to the rest of the cube members. At the end of the protocol, every node has a simple-cube session key
for secure communications among nodes of simple-cubes, and a global session key
, for the entire group (mesh or MANET).
6.1.3. BCC for the Dynamic Case
Above, we described the initial arrangement-addressing of nodes and the generation of a global and of simple-cube session keys. These keys are static, since if there is a need to add new nodes to the network, the key generation procedure must be repeated. Here, we describe an efficient method for dynamic key generation every time new nodes arrive to or depart from our network. The proposed dynamic algorithm is based on the body-centered cubic structure, and we call it BCC algorithm.
The body-centered cubic (bcc) structure is a cube with an additional node in the center. Figure 7(a) shows a typical cube while Figure 7(b) depicts a body-centered cube. If we consider the grid case, the bcc structure is a set of bcc cubes. The BCC algorithm for dynamic changing topologies is presented through two cases: addition of new nodes to an established network and extraction of network nodes.
Case 1 (Adding nodes to an established network).
The BCC algorithm operates in the following way: assume that a group has been established as previously described. Assume that one simple cube of this network is depicted in Figure 7(a). At some point of time, seven new nodes arrive and request to join the network. If the number of the new arriving nodes m is a multiple of 8, that is,
, then in groups of 8, they perform aggressive cube algorithms and each group elects a leader that will contact leaders of new groups and leaders from the established network in order to create a new global session key. If
, then we will have
new groups of 8 nodes where
is the integer part of
and
the number of the remaining nodes where
while the
groups of 8 nodes will perform new aggressive cube algorithms, the remaining node will attach to an existing cube of the network in the following way.
The first four new nodes are assigned addresses that correspond to the center of the existing cube the centers of the right, upper, and front cubes as shown in Figure 7(c) while the last three are assigned addresses that correspond to the centers of the left, back, and down cubes as shown in Figure 7(e). Keep in mind that the six neighboring cubes do not exist as network cubes; they are used as geometrical objects for demonstration purposes of the BCC algorithm. The first four new nodes (the body-centered cubic node and three central nodes of neighbor cubes) create a new cube with four nodes of the preexisting network cube as shown in Figure 7(d), and they perform a new aggressive cube algorithm. The latter 3 new nodes together with the body-centered cubic node (the node assigned to center of the existing cube of the network that has already participated in the previous new aggressive cube), and the remaining four nodes of the preexisting cube of the network perform a second new aggressive cube algorithm as shown in Figures 7(e) and 7(f).
The preexisting network nodes are colored black while the new arriving nodes are in gray color. Figure 8 demonstrates the BCC algorithm and the process that initiates with an existing network cube and concludes to two new cubes that both have the central node (body-centered cubic node) of the initial cube as common node.
Case 2 (Extracting nodes from an established network).
The process for extraction of nodes from an established network (MANET or mesh) is similar to the addition of new nodes to such a network. The remaining nodes of a simple cube find close cubes and perform the BCC algorithm. This process changes only the global session key of the network, since according to BCC algorithm cube leaders have to establish a new global key; however, the simple cube session keys of the rest of the MANET cubes remain unchanged. Figure 9 demonstrates the simple case where one node leaves an established cube (node 100 of the left cube of Figure 9(a)). The remaining seven nodes take place according to the BCC algorithm at the centers of the geometrically neighboring cubes of the right cube of Figure 9(a), as shown in Figure 9(b). The BCC algorithm concludes with the generation of two new cubes as shown in Figure 9(c).
6.2. The Face-Centered Cubic (FCC) Algorithm
The face-centered cubic algorithm is shown in Figure 10. The first 8 nodes (or less) are arranged in a 3-d cube as shown in the left side of Figure 3. They perform an aggressive 3-d cube algorithm and obtain a common session key. The first 6 nodes that will arrive in a later phase will be arranged in the centers of the six faces of the cube as shown in the central picture of Figure 3.
The 6 new nodes together, with nodes
and
that contributed to the initial cube, create a new cube and perform a new (second) aggressive 3-d cube algorithm. This way the inner cube creates a second common session key. After the setup of the second session, key nodes
and
hold both session keys corresponding to both cubes. This privilege makes nodes (
and
leading nodes for the established network since any communication between black and grey nodes should pass through them. If we wish to avoid this hierarchy in our network, during the set up of the common session key within the inner cube, nodes
and
propagate the common session key of the initial (black) cube to the new nodes. This way the first session key can be used by all nodes to communicate securely with each other, while the second can be used for the secure communication of the internal (grey) cube.
The addressing of the new nodes is shown in Figure 11. We observe that the 2 old (black) nodes keep the same address with the one they had during the setup of the first session key. For the communication between nodes belonging to different cubes there is a separate metric (cube number) declaring the cube that the node is belonging to. In this example, black nodes are identified as cube 1 nodes, grey nodes are identified as cube 2 nodes, and nodes
and
have both identifiers since they belong to both cubes.
In the hierarchical model, where every cube has its independent session key, key refreshment due to departing nodes is easy. As soon as a node is leaving the network, the rest nodes of the common cube, perform a new aggressive 3-d cube algorithm and create a new session key. In case the leaving node is belonging to two consecutive cubes, a new aggressive 3-d cube algorithm is performed automatically to both cubes.
In the case where the previous session keys belonging to previous cubes are forwardly distributed to the next cubes, the key renewal should be performed to all previous cubes. This appears not to be a desired feature, since if there is a departure in the last cube all previous stages/cubes will be affected. However, this can be also avoided if the set up is a combination of the two solutions. Periodically the key forwarding method is interrupted by the hierarchical solution. This way, we create isolated groups of concatenated cubes and any necessary key refreshment is bounded within these groups.
6.3. The Tetrahedral Approach
In the tetrahedral approach [19], in contrast to [16, 20] all intermediate two-party ECDH keys are stored by each node. This way, when a global session key has been created, every node in the d-dimensional cube maintains also a list of all the two-party ECDH keys that has created with every of her closest neighbors during the global key generation.
In the BCC and FCC approaches as described above, as soon as the initial phase of the proposed algorithm is completed, each node posses the global session key, and the two-party keys with her closest neighbors. At that point, if a node leaves the network, the global session key should be refreshed and in the meantime, secure communications would be only available between couples of closest neighbors that have already established two-party keys during the creation of the latest session key, which is no longer valid. This way, communication between distant neighbors, is only available through multihopping between nodes that, in couples, maintain valid two-party keys. This would add another requirement for routing metric information maintenance by all nodes, in order to serve each other to find the right secure path in the network. Solution to this direction is provided by the proposed integration of tetrahedral group key agreement in the existing cubes. The proposed structure covers both cases (
-cube and aggressive
-cube) and takes place right after the creation of the global session key.
Below, the procedure is explained in detail.
As soon as the global session key has been created (round 3 in the 3-d example) all nodes establish two-party ECDH with their second level closer neighbors. There nodes are actually the ones based on the diagonal of each cubic surface. The algorithm is better demonstrated in Figure 12. Figure 12(a) describes the cube created after the global key agreement, while Figures 12(b) and 12(c) demonstrate the two-party ECDH key exchanges between the second order neighbors. All these additional two-party ECDH key exchanges form the two internal tetrahedrons inside the cube as shown in Figures 12(b) and 12(c). Figure 13 depicts the two internal tetrahedrons isolated by the cube. The process for the establishment of these tetrahedrons, in terms of two-party ECDH key agreements, is depicted in detail in Figure 14. We can observe that two-party ECDH key agreements take place on nonconnected segments. Although that after the second round the tetrahedrons have formed their global session keys, the algorithm has another final step, by covering all available segments.
This is due to two reasons: every node has a two party key with all nodes of the cube except the most distant node. For example,
has two party keys with every node of the cube except node
. Besides the group session keys among every 4 nodes forming a square edge of the cube, the four triangles of each internal tetrahedron shares a common session key, since the ECDH key exchange this time is the party D-H key exchange instead of two-party in all other cases.
Let us provide an example to demonstrate the attributes of the proposed algorithm. The reference node for this example will be node
. During the initial 3-d or aggressive 3-d algorithm, node
creates three two-party keys with nodes
,
, and
and the global session key of the cube. During the tetrahedral algorithm, node
creates three two-party keys with nodes
,
and
. This way, node
maintains two-party keys with all nodes of the cube except
.
If any of its first and second order closest neighbor leaves the network, during the global key renewal node
will be still able to communicate with all expect one of the remaining nodes. However, this distant node (in the example node
) belongs to the other tetrahedron and has keys for communication with the remaining nodes.
In another case, if
decides to leave the network, its distant nodes, belonging to the left tetrahedron, do have keys for secure communications (a session key for the hole tetrahedron plus the two party keys among any pair of them), while the remaining three nodes
,
, and
of the right tetrahedron, besides the two-party keys, they have a three-party key established among them during the last stage of the tetrahedral key agreement algorithm. Therefore, when a node leaves the network, the remaining nodes have all the two-party session keys, a four-party session key of the tetrahedron that did not change formation, and a three-party session key of the triangle composed of the three remaining nodes of the tetrahedron that the leaving node was part of.
6.4. Analysis of the Algorithms
All proposed algorithms integrate elliptic curve cryptography together with the password-based DH key exchange protocols and extend this approach to the multiparty case where new network nodes arrive or existing network nodes depart from the network.
The static multiparty case is considered and after careful examination the aggressive
-cube algorithm is selected in the 3-d case. The algorithms are extended versions of the
-cube algorithm proposed in [7], with additional features that enhance the resistance against the dictionary attacks [5]. The basic idea behind the algorithms' design is to isolate the faulty nodes in the earliest possible stage. We managed to reduce the interaction with the faulty nodes and therefore minimize the exposure to dictionary attacks and other types of attacks. However, the aggressive behavior of the algorithm may lead to isolation of even legitimate members due to reasons such as the loss of commutation signal or the typo errors of the initial password during the authentication procedure. To overcome these kind of problems and to provide a more dynamic and robust solution, we propose the body-centered cubic (BCC) as well as the face-centered cubic (FCC) and the tetrahedral algorithm.
The BCC and the FCC algorithms can be considered as a series of different aggressive cube algorithms, each one performs for a different set of network nodes. In terms of two-party ECDH procedures, the BCC and FCC complexity is not higher than any of the single aggressive cube algorithms. This is because within a single two-party ECDH procedure of each algorithm, three ECDH procedures run simultaneously, each one corresponding to a different round of the aggressive cube algorithm.
The tetrahedral algorithm has significant differences compared with the BCC or the FCC algorithms. In this algorithm, all intermediate two-party keys are stored locally by the nodes and may be used during the network reformation process. Moreover, three-party keys are stored, providing the ability for secure subgroup communications among nodes that share the corresponding keys.
Depending on the mobility pattern and the reformation speed of the network, the aggressive
-cube algorithm is more efficient for almost static networks, the FCC approach would be more convenient for small-medium network reformation, BCC for medium-high network reformation and the tetrahedral algorithm would better facilitate high dynamicity in network reformation.